I used to get session in valve as requestContext.getRequest().getSession() and then set attribute in session. However i am not able to get this attribute in portlet JSP page from HttpSession or PortletSession. This seems to be same problem as given in another thread at http://permalink.gmane.org/gmane.comp.jakarta.jetspeed.user/23626
Probably if i could set the attribute in portletsession and with APPLICATION_SCOPE that may be available. But its not possibel to get portlet session in valve. On Wed, Mar 2, 2011 at 5:54 PM, anyz <[email protected]> wrote: > In custom security valve if i set an attribute in session. Later i 'm not > able to get this attribute in portlet JSP page. It is always > NULL. Application is deployed on Tomcat and already have set > crossContext="true". Does the session get overridden somewhere? > > Thanks > > On Wed, Mar 2, 2011 at 3:59 PM, anyz <[email protected]> wrote: > >> I think i got it...added the custom valve in default jetspeed pipeline >> that is in the following bean: >> >> <bean id="jetspeed-pipeline"......../> >> >> It is added after <ref bean="loginValidationValve" /> in constructor >> argument list. Now subject and everything is available.] >> >> Is this correct way to do things? >> >> >> >> >> On Wed, Mar 2, 2011 at 3:37 PM, anyz <[email protected]> wrote: >> >>> I added custom valve in "login-pipeline" bean defined in pipelines.xml >>> that is probably not right place to do. >>> >>> >>> >>> On Wed, Mar 2, 2011 at 3:10 PM, anyz <[email protected]> wrote: >>> >>>> I implemented my custom valve by extending AbstractSecurityValve. The >>>> documentation says this valve "Authenticates the user or redirects to Login >>>> if necessary, adds the authenticated Subject to the RequestContext." >>>> However in the invoke() method as i try to get subject from request >>>> context its always NULL. >>>> >>>> My understanding is this valve invokes login module to authenticate user >>>> and once authentication done it sets teh subject in request context. I have >>>> called the super.invoke(rc,vc) in my custom valve but subject is always >>>> NULL. >>>> >>>> Could you please guide what am i missing? >>>> >>>> Thanks >>>> >>>> >>>> >>>> On Wed, Mar 2, 2011 at 4:17 AM, Woonsan Ko <[email protected]> wrote: >>>> >>>>> >>>>> --- On Tue, 3/1/11, anyz <[email protected]> wrote: >>>>> >>>>> > From: anyz <[email protected]> >>>>> > Subject: Storing Custom Object in Session on User Login >>>>> > To: "Jetspeed Users List" <[email protected]> >>>>> > Date: Tuesday, March 1, 2011, 6:49 AM >>>>> > I need to set a custom class object >>>>> > into session once user logged into >>>>> > Jetspeed. This object will be accessed and used later by >>>>> > portlets. After >>>>> > searching into email list and forum i found two ways of >>>>> > intercepting J2 >>>>> > login process: >>>>> > >>>>> > 1- Custom Login Module >>>>> > 2- Custom Security Valve and possibly Filter (not sure if >>>>> > Filter works in >>>>> > Jetspeed 2.2.1 or its for old version) >>>>> > >>>>> > I manged to plug my custom login module however i could not >>>>> > find a way to >>>>> > get session in login() method and set my custom class >>>>> > object into session. >>>>> > Is it possible to get HttpSession in custom login module? >>>>> >>>>> It is not possible to access HttpSession in a JAAS LoginModule. >>>>> >>>>> > >>>>> > If i have write security valve, do i also need some sort of >>>>> > Serverlt filter >>>>> > where i can set custom object into session. >>>>> >>>>> You don't need a servlet filter if you use a custom security valve. >>>>> Servlet filter such as PoralLoginFilter is enabled/used only for some >>>>> environment like WAS instead of Jetspeed JAAS LoginModule. >>>>> >>>>> >>>>> Woonsan >>>>> >>>>> > >>>>> > >>>>> > Thanks >>>>> > >>>>> >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [email protected] >>>>> For additional commands, e-mail: [email protected] >>>>> >>>>> >>>> >>> >> >
